[sr-dev] git:master:bcd59d73: core: protect for int value overflow on string convert

Daniel-Constantin Mierla miconda at gmail.com
Mon Nov 29 11:25:40 CET 2021


Module: kamailio
Branch: master
Commit: bcd59d73e2fc5ae8e14cad520e726ef431f0563f
URL: https://github.com/kamailio/kamailio/commit/bcd59d73e2fc5ae8e14cad520e726ef431f0563f

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2021-11-29T11:25:08+01:00

core: protect for int value overflow on string convert

---

Modified: src/core/ut.h

---

Diff:  https://github.com/kamailio/kamailio/commit/bcd59d73e2fc5ae8e14cad520e726ef431f0563f.diff
Patch: https://github.com/kamailio/kamailio/commit/bcd59d73e2fc5ae8e14cad520e726ef431f0563f.patch

---

diff --git a/src/core/ut.h b/src/core/ut.h
index 385db99ca7..1dd0706f59 100644
--- a/src/core/ut.h
+++ b/src/core/ut.h
@@ -662,9 +662,10 @@ static inline int str2int(str* _s, unsigned int* _r)
 	str2unval(_s, _r);
 }
 
-#define str2snval(_s, _r) do { \
+#define str2snval(_s, _r, _vmin, _vmax) do { \
 		int i; \
 		int sign; \
+		long long ll; \
 		if (_s == NULL) return -1; \
 		if (_r == NULL) return -1; \
 		if (_s->len < 0) return -1; \
@@ -680,13 +681,25 @@ static inline int str2int(str* _s, unsigned int* _r)
 		} \
 		for(; i < _s->len; i++) { \
 			if ((_s->s[i] >= '0') && (_s->s[i] <= '9')) { \
+				if(*_r > _vmax/10) { \
+					return -1; \
+				} \
 				*_r *= 10; \
+				if(*_r > _vmax - (_s->s[i] - '0')) { \
+					return -1; \
+				} \
 				*_r += _s->s[i] - '0'; \
 			} else { \
 				return -1; \
 			} \
 		} \
-		*_r *= sign; \
+		if(sign < 0) { \
+			ll = (long long)(*_r) * sign; \
+			if(ll < _vmin) { \
+				return -1; \
+			} \
+			*_r *= sign; \
+		} \
 		return 0; \
 	} while(0)
 
@@ -695,7 +708,7 @@ static inline int str2int(str* _s, unsigned int* _r)
  */
 static inline int str2slong(str* _s, long* _r)
 {
-	str2snval(_s, _r);
+	str2snval(_s, _r, LONG_MIN, LONG_MAX);
 }
 
 
@@ -704,7 +717,7 @@ static inline int str2slong(str* _s, long* _r)
  */
 static inline int str2sint(str* _s, int* _r)
 {
-	str2snval(_s, _r);
+	str2snval(_s, _r, INT_MIN, INT_MAX);
 }
 
 




More information about the sr-dev mailing list